Cisco Prime Collaboration Provisioning 9.5 Deployment Guide [Cisco Prime Collaboration]

This document provides a step-by-step guide for successful deployment of Cisco Prime^™ Collaboration 9.5. Cisco Prime Collaboration consists of two applications, Cisco Prime Collaboration Assurance and Cisco Prime Collaboration Provisioning. This product is based on the Linux operating system. It incorporates both voice and video management tools in one single product. It replaces the older Cisco Prime Operations Manager, Cisco Prime Service Monitor, Cisco Prime Collaboration Manager, and Cisco Prime Provisioning Manager.

This document will specifically cover the deployment steps for Cisco Prime Collaboration Provisioning. Refer to the Cisco Prime Collaboration Assurance Deployment Guide for Cisco Prime Collaboration Assurance deployment steps.

Introduction

Cisco Prime Collaboration 9.5 allows voice and video network operations centers (NOCs) to visualize, monitor, and troubleshoot Cisco TelePresence^®, voice, and video infrastructure applications and also to provision users and their voice services. This guide examines the details of all the aspects of deploying Cisco Prime Collaboration 9.5. The Cisco Prime Collaboration product is a converged application. There are two separate applications, Cisco Prime Collaboration Assurance and Cisco Prime Collaboration Provisioning, which are installed on separate virtual machines, but you can view the converged application in a single pane of glass. You can run these applications either as:

• A converged application with single sign-on, which provides a converged user interface with launch points for both Assurance and Provisioning, or

• Standalone applications with separate login. This mode provides a separate user interface for Assurance and Provisioning features.

The Cisco Prime Collaboration Assurance product allows network operators to monitor and throubleshoot their voice and video networks. It provides tools to troubleshoot video sessions and diagnostic tests to proactively find issues in the network before users experience them. It also has comprehensive reporting and notification capabilities.

The Cisco Prime Collaboration Provisioning product allows administrators to provision users and their unified communication services such as phones, lines, voicemail, and presence using a single user interface. It has a powerful auditing feature that allows you to track all the changes. It also has a self-care feature that allows administrators to empower end users to provision services, such as speed dialing and call forwarding, on their devices and change Cisco^® Unified Communications Manager and voicemail passwords and PINs. It also has configuration templates that allow you to automatically configure the Cisco Unified Communicatons voice infrastructure in a consistent way.

Terms

A variety of terms used within Cisco Prime Collaboration Provisioning and this document may be new to the reader or may need to be clarified in the context of Cisco Prime Collaboration Provisioning (Table 1).

Table 1. Terms Related to Cisco Prime Collaboration Provisioning

Term	Definition
Attributes	Option settings. These may have true/false, text, template, or keyword settings.
Admins	Admins are those with authorization to perform various tasks in Cisco Prime Collaboration Provisioning. There are global admins and domain admins.
Communications Manager	Cisco Unified Communications Manager (UCM), formerly Cisco Unified CallManager.
Domain	A logical partition to subdivide a shared environment to create separate local administrative partitions.
Domain admin	An administrator that has provisioning access to one or more domains. A domain admin generally will not have higher-level access to set up infrastructure devices or the overall Cisco Prime Collaboration Provisioning system.
Domain sync	Domain synchronization.
MAC or MACD	Moves, adds, changes, or deletes.
globaladmin	Top-level administrator with access to all system resources. Typically the globaladmin sets up the system and delegates management tasks to domain admins.
Service area	A logical partition to subdivide a shared environment within a domain.
Subscriber	An entity that uses IP telephony services provided by the Cisco Unified Communications System.
Sync	Import configuration information from Cisco Unified Communications devices. There are three types of sync: infrastructure sync, subscriber sync, and domain sync.
Users	Also referred to as admins.

Provisioning Overview

Cisco Prime Collaboration Provisioning is one of the Cisco Prime Collaboration products and is a business-process-oriented provisioning tool that utilizes management domains, rules, and policy to control provisioning of subscriber services and network infrastructure.

Provisioning is done by ordering services or ordering service changes rather than by modifying individual attributes on individual applications. Every change to the infrastructure or subscriber services is done by submitting an order. All orders are tracked to provide an audit trail. Orders can be submitted through the provisioning GUIs or through templates, batch files, and APIs.

Provisioning is subscriber/infrastructure oriented. Every order is placed against a subscriber ID or the infrastructure ID. Phones are assigned to subscribers. Services are provisioned for subscribers.

Cisco Prime Collaboration Provisioning is designed to support Cisco products only. There is no direct support for third-party call devices. Cisco Prime Collaboration Provisioning does not use Simple Network Management Protocol (SNMP) for provisioning. It uses Cisco AXL, SQL calls, and Telnet or Secure Shell (SSH) Protocol style communications depending on the device type being provisioned.

Cisco Prime Collaboration Provisioning supports a large number of Cisco Unified Communications elements including Cisco Unified Communications Manager (UCM), Communications Manager Express, Cisco Unity^®, Cisco Unity Express, Cisco IOS^® Software devices, and Cisco Unity Connection revisions.

Installation

The Cisco Prime Collaboration Assurance and Cisco Prime Collaboration Provisioning Open Virtualization Archive (OVA) files must be installed on separate virtual machines if you are installing both. For Cisco Prime Collaboration Provisioning, if you have more than 10,000 phones you need to install the application and database on separate virtual machines. The same Provisioning OVA can be used to install both. The options are given at install time to install application, database, or both. You can choose what you want to install depending on the number of phones you plan to manage.

Prerequisites

You can install Cisco Prime Collaboration as a VMware Virtual Appliance-only (as an OVA) file that you can import into your VMware Virtual Infrastructure. Cisco Prime Collaboration runs on any VMware certified hardware with ESXi 4.1 or 5.0 or 5.1 installed. Large (more than 10,000 endpoints) or very large (more than 100,000 endpoints) deployments require ESXi 5.0 or higher.

Note: Hyperthreading must be disabled in the server (BIOS level) for better performance of Cisco Prime Collaboration. See your hardware documentation for information about disabling hyperthreading.

Server Requirement

Please refer to the installation guide at http://www.cisco.com/en/US/docs/net_mgmt/prime/collaboration/9.5/quick/start/guide/Cisco_Prime_Collaboration_Quick_Start_Guide_9_5.html for the exact requirements.

Client Requirement

Please refer to the installation guide at http://www.cisco.com/en/US/docs/net_mgmt/prime/collaboration/9.5/quick/start/guide/Cisco_Prime_Collaboration_Quick_Start_Guide_9_5.html.

Preparing for Installation

Download the software from the download site for Cisco Prime Collaboration Provisioning. The software is available as OVA files and is available for small, medium, large, and very large deployments. The OVAs contain the operating system (Linux) as well, so all you need to do is deploy the OVA on your VMware server.

If you need the Cisco Prime Collaboration Assurance application, you need to download that software as well; again, it is available as OVA files.

Please refer to the Quick Start Guide at http://www.cisco.com/en/US/docs/net_mgmt/prime/collaboration/9.5/quick/start/guide/Cisco_Prime_Collaboration_Quick_Start_Guide_9_5.html for the OVA details.

It is recommended that you know the values (beforehand) for the following parameters as you are required to specify them at the console prompts while configuring the virtual appliance:

• IP Address: The IP address of the virtual appliance.

• IP default netmask: The default subnet mask for the IP address.

• IP default gateway: The IP address of the default gateway.

• Default DNS domain: The default Domain Name System (DNS) domain.

• Primary nameserver: The primary name server. You may add the name server. To configure several name servers, enter y.

• Primary NTP server [time.nist.gov]: The primary Network Time Protocol (NTP) server.

To enter a secondary NTP server, enter y at the next prompt.

• Timezone: The time zone set for Cisco Prime Collaboration. When you are prompted to enter the system time zone, specify the default time zone - UTC. You can use SSH to change the time zone after you install the Cisco Prime Collaboration Assurance or Cisco Prime Collaboration Provisioning server; the time stamp that is displayed on the UI is the server time. You must use the same time zone for the Cisco Prime Collaboration Assurance and Cisco Prime Collaboration Provisioning servers in converged mode. For a list of supported time zones, see http://docwiki.cisco.com/wiki/Supported_Timezones_for_Prime_Collaboration.

• Username: Command-line interface (CLI) admin user name. The user name is admin, by default. However, you can specify the user name of your choice.

• Password: CLI admin password. This password is used to log in to CLI to check the application status and perform back up and restore.

• Root user: Superuser who has all privileges in CLI.

• Root password: Specify a password for the root user.

• globaladmin: Superuser who can access both Cisco Prime Collaboration Assurance and Cisco Prime Collaboration Provisioning UI.

• globaladmin password: Specify a password for the globaladmin.

Checking Port Availability

Make sure the firewall is opened for the required ports to manage the voice and video infrastructure from the Cisco Prime Collaboration server. Refer to http://docwiki.cisco.com/wiki/Required_Ports_for_Prime_Collaboration for the list of ports. This lists the ports required for both the Cisco Prime Collaboration Assurance server and Cisco Prime Collaboration Provisioning server.

Upgrading Deployments

For upgrading from one deployment to the next, for example, from small to large, refer to the following steps. You can upgrade the deployment model for Cisco Prime Collaboration using the steps below.

If you need to upgrade your deployment model from small to medium, you must first upgrade your hardware resources, such as, vRAM, vCPU, and vDisk. Increase the virtual disk size by adding a new vDisk if your vDisk already has four partitions. (Refer to the VMware documentation to upgrade the hardware resources).

# /opt/emms/emsam/bin/cpcmtuning.sh

From the options displayed, choose the deployment model (excluding option 1) that you wish to upgrade to, and then select Y to proceed with upgrading or N to reselect the deployment model.

Licensing the Product

Please refer to the Quick Start Guide at http://www.cisco.com/en/US/docs/net_mgmt/prime/collaboration/9.5/quick/start/guide/Cisco_Prime_Collaboration_Quick_Start_Guide_9_5.html for licensing details.

Direct Versus Indirect Provisioning

Cisco Prime Collaboration Provisioning does not always directly communicate with devices to set configurations. Endpoints, for example, get their provisioned settings from Cisco Unified Communications Manager, which is directly provisioned by Cisco Prime Collaboration Provisioning. The following sections outline how devices are provisioned.

Direct Provisioning

Cisco Unified Communications Manager and Cisco Unity devices: Cisco Unified Communications Manager has API interfaces referred to as AXL interfaces. Cisco Prime Collaboration Provisioning talks directly to Cisco Unified Communications Manager through AXL and connects to Cisco Unity SQL server using Java Database Connectivity (JDBC).

Communications Manager Express: Communications Manager Express is a Cisco IOS Software application that runs on Cisco routers and provides telephony services. Since Communications Manager Express is a Cisco IOS Software application, Cisco Prime Collaboration Provisioning communicates with the router using the Cisco IOS Software CLI.

Cisco Unity Express: Cisco Unity Express is a software application that runs on a service module installed either in a Cisco modular router or in integrated hardware in a Cisco modular router. Part of the Cisco Unity Express configuration is done through the Cisco IOS Software interface for the router and part through the service module command interface.

Indirect Provisioning

Phones: Cisco Prime Collaboration Provisioning does not directly communicate with the phones, but configures Cisco Unified Communications Manager with phone settings. The phones get their configurations from Cisco Unified Communications Manager.

Microsoft Exchange: Cisco Prime Collaboration Provisioning does not directly communicate with Exchange, but Microsoft Exchange indirectly gets users added during the provisioning of a voice mail account to a Cisco Unity subscriber.

Presence: Cisco Prime Collaboration Provisioning support of Presence server devices is limited to Cisco Unified Personal Communicator (UPC) provisioning. Presence settings related to a subscriber's service are also set on Cisco Unified Communications Manager.

Required Device Protocols and Software Versions

All the information that you need to enter in Cisco Prime Collaboration Assurance in order to successfully manage the Cisco Voice and Video Infrastructure is provided at http://docwiki.cisco.com/wiki/Setting_up_Devices_for_Prime_Collaboration_Assurance.

For Cisco Prime Collaboration Provisioning refer to http://docwiki.cisco.com/wiki/Supported_Devices_for_Prime_Collaboration_Provisioning.

What Do Companies Use Cisco Prime Collaboration Provisioning for?

Different companies have different pain points or return on investment (ROI) goals they would like solved by Cisco Prime Collaboration Provisioning. They use all or part of the Cisco Prime Collaboration Provisioning "toolbox" to solve their business problems. The toolbox can be subdivided into a set of tools by problem to be solved or by type of operation.

Usage by Problem to Be Solved

I need to roll out one or more sites

For the first site or two, it generally is best to use the Cisco Unified Communications applications' GUIs to directly set up the Cisco Unified Communications applications and devices. If more sites are going to be deployed, it is best to capture common deployment settings in templates with keywords for devices or site names. It is usually better to make smaller templates of common settings and later nest them to create a larger template to describe a specific site. Some large companies have rolled out many sites by creating templates for common areas, such as manufacturing buildings, sales offices, and retail stores. These sites can be added to templates that are built for different physical regions or countries to make sites uniformly configured based on function while customized by state or country.

When rolling out new sites, it is often required to add many subscribers and their services all at once. If this is the case, batches can be created with lists of user IDs, phone types, and services. These batches can be loaded into the order management system in Cisco Prime Collaboration Provisioning to be executed immediately or at a future date to bulk-create users and user services in a new site. This functionality is sometimes used to bulk-migrate subscribers from a legacy PBX into a Cisco voice-over-IP (VoIP) network.

Summary: The tools are infrastructure templates and the batch order functions.

I want onsite or regional administrators to handle MACs and password reset

Cisco Prime Collaboration Provisioning can have a single domain for all subscribers or multiple domains with subscribers. In order to delegate day 2 tasks to different regional administration groups, subscribers for each group can be put in different domains. With this configuration, administration for a specific subscriber group can be delegated to a specific regional administrator or regional administration group. A regional administrator assigned to manage subscribers in one domain will not be able to make changes to subscribers in another domain.

When a day 2 administrator is created in the provisioning system, that person can be assigned to multiple domains.

Summary: The deployment architecture needed is multidomain. Tools required are the order manager GUI and possibly the multidomain administration feature.

I need to create uniform configurations across one or more clusters

In some cases companies have had turnover in IT staff, causing many different individuals to configure Communications Manager and resulting in inconsistent provisioning. Another case is when multiple companies merge and want to bring together two or more Cisco Unified Communications networks, each configured differently. Rather than manually sorting out the configurations server by server, templates can be used to create uniform configurations. This is similar to rolling out new sites. The templates can be pushed out to all Communications Managers, making the configurations consistent.

Summary: Nested templates with keyword replacement are used to produce consistent, repeatable configurations across clusters.

I need to be notified when an event occurs

Cisco Prime Collaboration Provisioning allows you to set up notifications in case of an event's occurrence. You can choose whether you want the system events to be aggregated or sent out as soon as the event occurs. The time that you enter will start after the occurrence of the first event. During this time, should other related events occur, an aggregated notification with details of all such events will be sent out in one single email once the time value expires.

Notifications can be set at two levels:

• System settings: Settings to configure notifications for system events like order failures and synchronization failures. Events are aggregated based on type. For example, all synchronization failures will be aggregated in one email and order failures in a separate email.

• Domain settings: Settings to configure notifications for workflow events like order approvals, assignment, shipping, and receiving in the domain. Again, events are based on workflow event type. For example, all approval emails are aggregated together whereas all emails about assignment will be aggregated in a separate email. You can also set an escalation window in the domain notifications template. The value set for the escalation window would make the system send out an email to the system administrators after the time specified if no action was taken for the triggering event (for example, order approvals).

Summary: The email notifications improve the manageability by allowing you to view the critical events like synchronization failures, order failures, and order approvals. See Figures 1 and 2.

Figure 1. Provisioning Notification Management in Standalone Provisioning Setup

Figure 2. Provisioning Notification in Single UI for Assurance and Provisioning Setup

I need to create distribution lists. Are there any limitations/recommendations?

Cisco Prime Collaboration Provisioning supports distribution lists on Cisco Unity and Cisco Unity Connection devices but with the following recommendations:

• It is recommended to organize the distribution list in a hierarchy structure. Each distribution list should contain a maximum of 500 members. You can make it nested by having another distribution list as a member under the top distribution list that can again contain 500 members.

• If you are adding members to a distribution list through Cisco Prime Collaboration Provisioning, it supports adding 200 new members in one instance.

• If you are modifying (adding or deleting members) a distribution list through Cisco Prime Collaboration Provisioning, the total number of modifications (removals and additions) in one instance should not be more than 200. For example, if you are removing some members (say X members) and adding new members (say Y members), the sum of X and Y should not be more than 200 members.

• Cisco Prime Collaboration Provisioning does not limit the creation of distribution lists, which may have thousands of members, as long as the add operation is done by adding 200 members each time. However, slow response in the user interface may be encountered when a user views a distribution list that has a large number of members.

Analog Voice Gateway and Phone Support

What is a voice gateway reference?

• Each analog voice gateway registered to UCM is called a voice gateway reference in Cisco Prime Collaboration Provisioning.

• Cisco Prime Collaboration Provisioning supports voice gateways (VG224, VG204, VG202) with Skinny Call Control Protocol (SCCP).

Why do we need a voice gateway reference?

• To provision analog phones from Cisco Prime Collaboration Provisioning.

How do you get voice gateway references in Cisco Prime Collaboration Provisioning?

• To get the voice gateway reference from UCM into Cisco Prime Collaboration Provisioning, perform an infrastructure sync on the UCM to which the analog voice gateway is registered.

• Cisco Prime Collaboration Provisioning also allows addition of voice gateway references into UCM through:

– Infrastructure configuration

– Configuration template

– API

– Batch

Voice Gateway Infrastructure Provisioning

• Cisco Prime Collaboration Provisioning supports voice gateways (VG224, VG204, VG202) as an infrastructure product on Communications Manager.

• Cisco Prime Collaboration Provisioning will sync back all the voice gateway references with SCCP during UCM infrastructure sync. See Table 2.

Table 2. Supported Unified Communication Manager Versions for VG Support

Product Type	Protocol	Supported UCM Versions	Subunit Value
VG224	SCCP	6.x and later	24FXS-SCCP
VG204	SCCP	6.x and later	4FXS-SCCP
VG202	SCCP	6.x and later	2FXS-SCCP

Enabling Analog Phone Support in Cisco Prime Collaboration Provisioning

By default, analog phones cannot be managed in Cisco Prime Collaboration Provisioning.

To manage analog phones, we need to set the dfc.ipt.cisco.callmanager.analog_phone property to Y in ipt.properties to enable this feature:

Log in as root to the Cisco Prime Collaboration Provisioning server. Go to the following directory: /opt/cupm/sep and open the ipt.properties file. Change the property from N to Y as shown below.

dfc.ipt.cisco.callmanager.analog_phone_support: Y

After updating the ipt.properties file, Cisco Prime Collaboration Provisioning restart is required.

cpc2-prov/admin# application stop cpcm

Wait for a minute or two for the ports to be freed and run the following command to start the server:

cpc2-prov/admin# application start cpcm

Analog Phone Using Batch

Sample batch files for add, change, replace, and cancel operations for analog phones will be available in /opt/cupm/sep/ipt/config/sample/batchProvisioning/.

• AddAnalog_Phone.txt

• AddAnalog_PhoneService.txt

• ChangeAnalog_Phone.txt

• ReplaceAnalog_Phone.txt

• CancelAnalog_Phone.txt

You need to use SFTP as the root user to the Cisco Prime Collaboration Provisioning server and go to the directory given above to get the files.

Move Subscribers and Services

Cisco Prime Collaboration Provisioning supports the movement of a subscriber from one domain to another. The subscriber's services along with the subscriber will be moved to the new domain as well. However, in this release, Cisco Prime Collaboration Provisioning will support moving the services to a service area that is associated with the same processor. This feature is supported through the UI, batch operations, and the API. Cisco Prime Collaboration Provisioning will support full rollback in this feature; that is, if the move fails for one service area, the rest of the service area's settings are rolled back.

This feature is not supported in the following scenarios:

• Subscriber is a pseudo subscriber

• Subscriber has pending orders

• Syncs are running on the subscriber's domain or the devices in that domain

• Deletion is running on the subscriber's domain or the devices in that domain

• Subscriber is being moved from one call processer to another

Move Services

Cisco Prime Collaboration Provisioning supports the movement of a subscriber service from one service area to another. This will be similar to the movement of subscriber services in the Move Subscriber feature. The difference is that with Move Service, the end user will be able to move a service to another service area in the same domain only. The service will be allowed to move to any service area that is associated with the same processor.

This feature is also helpful if there are some changes made to the subscriber's existing service area settings and the administrator would like them to be applied to the subscriber's existing services. The admin can move the services to the same service area and check Apply All to apply the new service area settings to all the existing services.

When moving multiple services, if one move operation fails, a rollback order will be created and all the completed move orders are rolled back to their earlier service area.

Provision Jabber Services

In Prime Collaboration 9.5 you can provision Day 1 jabber services using the Deploy->Unified Communication Services Menu. Here you can setup the Service Profile, SIP Profile, Soft Key Template and Service Parameter for CUCM 9.1 and above.

After this you can order Jabber for users using the normal ordering process. Jabber service ordering needs to be done in a Service Area set with the SIP Protocol. Jabber for Desktop, Jabber for Android, Jabber for Iphone, Jabber for Tablet and Jabber for Blackberry are available to be ordered. So even if the Jabber is set for a role if you are ordering in a SCCP based Service Area the Jabber product will not show up.

Localization

Cisco Prime Collaboration Provisioning supports translated language files. Users could download the language bundle and run the utility that comes with the bundle to install the localization files. Once the installation is completed, the admin will need to restart the Cisco Prime Collaboration Provisioning server. The language (German, French, or English) setting in the browser is used to select the language to be shown in the browser. Other language files will be created based on business opportunities.

LDAP Synchronization

You can configure Cisco Prime Collaboration Provisioning to synchronize users/subscribers from an external Lightweight Directory Access Protocol (LDAP) server. With this feature, Cisco Prime Collaboration Provisioning can populate its subscriber database with user IDs directly from an associated LDAP source. Configuring and scheduling LDAP synchronization are done through domain configuration.

A filter query can be configured at the domain level to allow Cisco Prime Collaboration Provisioning to get only user IDs that belong in a specific domain, as opposed to importing the entire LDAP directory into each domain. Complex filters can be created based on the available fields in Microsoft Active Directory.

There are options to control how Cisco Prime Collaboration Provisioning removes the users. The "Always Delete" option can be configured when a user is no longer in the LDAP directory; then the user will be removed from Cisco Prime Collaboration Provisioning and the user's services will be moved to the global namespace. The "Delete if user has no services" option prevents a user from being deleted if the user still has associated services. These optional settings can help remove unused services and free up directory numbers after employees have left a company.

After an LDAP synchronization occurs, a report is generated. The report lists the number of new users created, the number of existing users updated, and the number of users deleted during the synchronization. The report also lists the operations that could not be performed during the synchronization. The failed operations can be due to incorrect data entered into the LDAP server or due to wrong settings.

Notes:

• Cisco Prime Collaboration Provisioning will only read the user information from the LDAP server. Cisco Prime Collaboration Provisioning will not write any information to the LDAP server.

• Only Microsoft Active Directory servers 2000, 2003, and 2008 are supported as LDAP servers.

• LDAP synchronization only creates the users. It does not add their services to their subscriber records. Make sure you run domain synchronization after LDAP synchronization so that the subscribers' services are added to their subscriber records.

• The user search base configured in LDAP services in the domain is used to synchronize LDAP users into the Cisco Prime Collaboration Provisioning subscriber database. While the LDAP user search base is configured when users are added, the authentication, authorization, and accounting (AAA) server is used to authenticate Cisco Prime Collaboration Provisioning subscribers when they log in to Cisco Prime Collaboration Provisioning.

Cisco Prime Collaboration Provisioning Concepts

Cisco Prime Collaboration Provisioning uses certain concepts to ease the management of Cisco Unified Communications Manager deployment. The concepts consist of the following:

• Domain

– A logical partition to subdivide a shared environment to create separate local administrative partitions containing service areas with domain partitions and subscribers. A domain can contain multiple service areas and may be associated with multiple Cisco Unified Communications Manager or Cisco Unity clusters.

– Example: A domain could be a company headquarters building or all subscribers in western Europe or each department in a large enterprise.

Best practice

If you want to give a group of subadministrators the ability to manage only a limited part of the voice network, then most likely you will want to create a domain for them to manage.

• Service area

– A logical partition to subdivide a shared environment within a domain to determine the class of service for each subscriber type. Subscriber services are mapped to the devices and application in the voice network. A service area is associated with only one Cisco Unified Communications Manager or one Cisco Unity cluster.

– Example: A service area can be a department within a company headquarters building domain (for example, engineering, marketing, finance, and other departments) or may be tied to a specific location or site.

Best practice

You most likely will have a service area for each class of service for each location you manage. See Figure 3.

Figure 3. Domain-Service Area Concept

• Users

– Users are those with authorization to perform various tasks in Cisco Prime Collaboration Provisioning. See Table 3 for more information on user roles.

– Global

– Complete authorization to perform all tasks in Cisco Prime Collaboration Provisioning.

– Cisco Prime Collaboration Provisioning admin (PMAdmin user), created at install, has global administrator rights.

– Domain

– Authorization is limited to tasks within a specific domain or, if using the Multidomain Admin function, one or more domains.

– Users can be assigned more than one user role within a single domain.

– Users can be assigned to manage multiple domains.

– Global administrators: Cisco Unified Communications experts who install the Cisco Prime Collaboration Provisioning application and set up the infrastructure, rules, and policy. They can assign domain admin roles to users.

– Domain admins: Junior help desk technicians who can order predefined service offerings.

– Domain admins with advance ordering privileges: Senior help desk technicians who can set provisioning attributes at time of order.

– Domain admin with infrastructure configuration role: A new domain role to allow nonglobal administrators to provision a specific set of infrastructure configuration objects. Service can be ordered for users. Thus, users become subscribers.

– User roles determine the level of access within Cisco Prime Collaboration Provisioning.

– Some domain-specific roles are applicable only if workflow is enabled.

– Example: A company wants to manage a Cisco Unified Communications network and give day 2 tasks to an IT help desk. In the IT help desk, there are junior and senior technicians. The roles could be as follows:

– Domain admin: Junior help desk personnel who can order predefined service offerings.

– Domain admin with advance ordering privileges: Senior help desk personnel who can set provisioning attributes at the time of the order.

– Domain admin with infrastructure configuration role: Senior help desk personnel who can add/edit/view/delete specific sets of infrastructure configuration objects to all call processors in a domain.

Best Practice

Initially, for each domain, set up one or more users with the ordering role at a minimum. If the preset workflow roles which are the defaults in the product are used, no other roles need be assigned, since workflow will perform activation automatically. Giving only the ordering role will allow users very fixed functionality. The administrator can provide more access once the users become familiar with the system.

Table 3. User Roles

User Type

User Roles

Rights

Global

Administration

Maintenance

Full rights (except maintenance)

Configure system cleanup activities

Domain specific (Users with these roles can only perform authorized tasks within their assigned domain).

• Policy infrastructure configuration management

• Ordering

• Advance assignment

• Approval

• Assignment

• Shipping

• Receiving

• Manage phone inventory, create new subscriber types, and set phone button templates

• Allows granular control over management of infrastructure products for nonglobal users

• All ordering privileges plus the ability to assign MAC at time of order

• Approve or reject orders

• Assign phone (MAC address) to an order

• Help ensure that the equipment is sent before order processing continues

• Help ensure that the equipment is received before order processing continues

• Subscribers

Entities that use IP telephony services provided by the Cisco Unified Communications System (that is, that have phones, lines, voicemail accounts, and so on).

Subscriber role type defines the products and services that can be provisioned for a subscriber.

Subscriber role types (refer to the User Guide for Cisco Prime Collaboration Provisioning for details):

– Employee

– Contractor

– Manager

– Sr. Manager

– Executive

– Operator

• Subscriber role types can be modified in a global template or on a per domain basis. The products and product bundles associated to a subscriber type can be customized. For example, one can configure the employee subscriber type only to provision phones of type 7961.

• Additional customized subscriber role types can be created in Cisco Prime Collaboration Provisioning.

If Cisco Prime Collaboration Provisioning Self-Care mode is enabled, subscribers can order services for themselves. Thus, a subscriber also becomes a limited user. Self-care can be enabled at the domain level so that all users in a domain have the self-care feature.

• Business rules

Cisco Prime Collaboration Provisioning contains a predefined set of business rules that control processing of orders, behavior of the synchronization process, and default values for various objects. Rules can be set per domain or in a global template assigned to all new domains.

Some commonly used rules (eight domain synchronization rules are introduced later in the section "How to Choose the Synchronization Rules"):

– Domain synchronization rules (see the section "How to Choose the Synchronization Rules" for more details on how to use them)

– AssociateAllUsersInCallProcessor

– AssociateAllUsersInUMProcessor

– AssociateOnlyExistingUsers (1.3)

– AssociateUsersByDeptCode

– AssociateUsersByDevicePool (1.3.1)

– AssociateUsersByLocation (1.3.1)

– TakePrimaryUserInfoFromUMProcessor (1.3)

– Non-RestrictedDomainSync (1.3)

– Workflow rules (see the User Guide for Cisco Prime Collaboration Provisioning for more details):

– IsAuthorizationRequiredForAddOrder

– IsAuthorizationRequiredForCancelOrder

– IsAuthorizationRequiredForChangeOrder

– PhoneAssignmentDoneBy

– PhoneReceiptDoneBy

– PhoneShippingDoneBy

– Rules by problem to be solved:

– Need to remove exchange data when a Cisco Unity account is deleted: Enable PurgeUponUmRemoval.

– Need subscribers to order service for themselves: Enable CreateSelfCareAccounts.

– Don't want help desk to choose phone template when provisioning phones: Disable ChoosePhoneButtonTemplates.

– Want to force a Cisco Unity subscriber to change the password after the password is reset by Cisco Prime Collaboration Provisioning: Enable ChangeUnityPasswordOnNextLogin.

– Need to import a user from Cisco Unified Communications Manager and to assign the subscriber role automatically: Configure the DefaultUserType rule as desired. By default this is configured to be Employee.

– Need to keep a phone number reserved after deleting it from a subscriber for a period of time before reassigning it back into the available numbers block: Enable the DNAutoReservation rule and configure DNAutoReservationTimeout as desired.

– Rules related to default values of provisioning attribute:

– DefaultCallManagerPassword

– DefaultCallManagerPIN

– DefaultCUPMPassword

– DefaultDeviceProfile

– DefaultUnitySubscriberPassword

– DescriptionString

– LineDisplayString

– ExternalNumberMasks

Best Practice

• Set the synchronization rules up for domains before the first sync. (See the section "How to Choose the Synchronization Rules" for more details on how to select domain synchronization rules).

• Leave the default settings for other rules until you gain experience with Cisco Prime Collaboration Provisioning. (Example: Workflow rules can be modified afterward).

• Provisioning attributes

Both call and messaging services have many attributes that can be assigned and that further define and enhance the service provided to the subscriber. For example, one attribute that can be defined on a phone as an enhancement to its use is the setting of speed dials. Within Cisco Prime Collaboration Provisioning, these settings are known as provisioning attributes, and they can be set at multiple levels within Cisco Prime Collaboration Provisioning to enforce policy, again simplifying the overall provisioning of subscriber services.

The provisioning attributes supported by Cisco Prime Collaboration Provisioning are documented in the User Guide for Cisco Prime Collaboration Provisioning.

Provisioning attributes can be set for domains, subscriber types, service areas, and during order entry. This order also defines the default order of precedence in the event that the same attribute is set at multiple levels. Cisco Prime Collaboration Provisioning allows users to reorder the precedence of domain, subscriber type, and service area.

– Let's look at a brief example to help clarify this:

– A policy at Chambers Engineering states that no subscribers in any of the offices in France are to have video capabilities on their phones except the executives.

– One way to implement this would be to set the phone attribute Video Capabilities to Enabled at the domain level and true for the executive subscriber type.

– Now, all orders for phones in the France domain will set Video Capabilities to Enabled, but for subscribers of type Executive, this will be overridden with a value of true.

– If an individual employee is also given clearance for video privileges, the employee's false setting can be overridden during order entry using the Advanced Options button.

Best Practice

Customers tend to set up provisioning attributes for the service area to establish templates for subscriber services; however, if you have a large number of service areas and the majority of them share the same provisioning attributes, set them at the domain level to reduce potential service area updating efforts.

• Ordering workflow

Cisco Prime Collaboration Provisioning has a built-in ordering workflow to coordinate activities in the ordering process. The activities include approving the order, assigning a phone to the order, shipping the product, and receiving the product.

This workflow can be customized to fit the customer's exact needs by enabling or disabling each step and assigning the enabled steps to Cisco Prime Collaboration Provisioning user roles.

By default, all steps are disabled. The workflow rules control enabling of any step of the workflow.

Best Practice

Leave workflow default values until you gain experience with Cisco Prime Collaboration Provisioning.

Business Analysis

Because Cisco Prime Collaboration Provisioning is typically used within the business processes of an organization, a brief business analysis activity early in the deployment process is highly recommended. This will provide the information necessary for how best to configure various Cisco Prime Collaboration Provisioning system objects. The following questions will help drive this analysis:

• Will fewer technical staff be "delegated" management capabilities for the day 2 (move, add, change) activity for subscriber services (example: a help desk, or administrative staff in various locations)?

• What groupings of subscribers map best to how you want to do this "delegated" management (example: geographic-based groupings or organizational-based groupings)?

– These questions will dictate the number of domains that will be created in Cisco Prime Collaboration Provisioning. Note that users with the domain-level access role (called the ordering role for a single domain within Cisco Prime Collaboration Provisioning) can only see subscribers in their own domain.

• Within each grouping of subscribers, which sites or locations do you want to manage?

• For each site or location, what classes of services are required?

• For each site or location, what device pools, phone protocols, voice mail templates, common device configuration, locations, and partitions are required?

• For each site or location, which devices will support that location?

– These questions will dictate the number of service areas that will be created in Cisco Prime Collaboration Provisioning for that domain. Service areas point to unique combinations of call processors and message processors (example: Cisco Unified Communications Manager and Cisco Unity). They also contain policy information on calling privilege, like calling search spaces within the Cisco Unified Communications Manager to be used for the service area. Directory number blocks can also be defined in service areas.

• Is a single Cisco Unified Communications application (example: Cisco Unified Communications Manager) shared across these groupings of subscribers and locations?

– This question will dictate how basic synchronization rules are set within Cisco Prime Collaboration Provisioning. For example, will Cisco Prime Collaboration Provisioning need to place subscribers into domains automatically at synchronization time based on the department code in the Cisco Unified Communications Manager, or can it put all users it finds into a Cisco Unified Communications Manager single domain?

Best Practice

• It is recommended that the initial deployment of Cisco Prime Collaboration Provisioning focus on defining the correct domains and service areas, provisioning attributes against these, and the basic rules covered in the section "Usage by Problem to Be Solved."

• Try to avoid flat domain/service area design; for example, having one domain with a thousand or hundreds of domains with one service area per domain is not good design.

• Domains can be designed based on delegation needs or geographic location.

• It is recommended to calculate the service areas needed for each domain beforehand. By default, the number of service areas needed will be the permutation and combination of six or seven attributes in the service area setup (class of service, device pool, phone protocols, voice mail templates, common device configuration, location, partition). If the number of service areas needed for a domain exceeds 100, consider breaking into two domains for easier manageability and optimal usability.

• It is easier to create multiple domains and remove some later, consolidating subscribers into fewer domains, than it is to create a small number of domains and later split subscribers into more domains.

• Consider the use of subscriber types, advanced rule settings, and other configuration parameters after these concepts are well understood.

Basic Task Flow

• Set up devices

– Add call processors (Cisco Unified Communications Manager publishers only, when using Cisco Unified Communications Manager clusters) and message processors to Cisco Prime Collaboration Provisioning as devices with capabilities assigned

– Configure call processors and message processors

– Perform infrastructure synchronization

– Perform subscriber synchronization

• Set up domain deployment

– Create domains and assign call processors and message processors

– Create service areas

– Configure rules

– Perform domain synchronization

– For preexisting call processors and message processors, verify that subscribers get created

• Provision network

– Create and push templates to configure Cisco Unified Communications Manager

– Or sync current provisioning configurations from existing deployment

• Set up deployment

– Create new service areas, as needed, for each domain, typically one per class of service

– Assign subscriber types to each service area

• Admin

– Add subscriber types

– Modify products available to subscriber types

– Create administrative users for each domain

– Configure business rules

• Set ordering workflow

– Order, update, or change subscriber services

Please refer to the Cisco Prime Collaboration Provisioning tutorial at http://www.cisco.com/web/learning/le31/le46/nmtg_training/vods/pc/pc90/PrimeCollabTraining.htm for details on the initial setup process of each of the above-listed areas.

How to Choose the Synchronization Rules

Domain Sync Rules

There are three types of synchronization in Cisco Prime Collaboration Provisioning: infrastructure sync, subscriber sync, and domain sync. Infrastructure sync discovers all objects in Communications Manager that Cisco Prime Collaboration Provisioning uses and that are not specific to individual subscribers; for example, calling search space, voice device groups, route patterns, and translation patterns. Subscriber sync discovers all objects related to individual subscribers; for example, configured phones, configured lines, and device profiles. Domain sync puts existing subscribers discovered during subscriber sync into the domain and appropriate service area.

Infrastructure sync and subscriber sync retrieve information from the device. These are unidirectional syncs. Cisco Prime Collaboration Provisioning does not update devices during these syncs. They should be completed on all devices before a domain sync is started. Domain sync aggregates data from the processor syncs. Devices are not accessed during this sync.

Domain sync behavior is controlled by the business rules. There are eight rules that can be configured for synchronizing a domain:

1. AssociateAllUsersInCallProcessor

If this rule is enabled, during a domain synchronization, all of the user accounts in all of the call processors in the domain are assigned to the domain being synchronized. In the example in Figure 4, all users in the call processor are placed in Domain 1. Sync on another domain will not have any users since all users have been placed in Domain 1. So this rule should be used to control domain sync when only one domain is configured in Cisco Prime Collaboration Provisioning. See Figure 4.

Figure 4. Example: Domain Sync with AssociateAllUsersInCallProcessor

2. AssociateAllUsersInUMProcessor

This behaves the same as AssociateAllUsersInCallProcessor. If this rule is enabled, all user accounts in a given Cisco Unified message processor are assigned to a Cisco Prime Collaboration Provisioning domain. This rule can be used to control domain sync when only one domain is configured in Cisco Prime Collaboration Provisioning.

3. AssociateOnlyExistingUsers

Users are first created in Cisco Prime Collaboration Provisioning in the desired domain. Domain sync associates users in a call processor only if they are already created in the domain. This rule is used only when you want to manually define the user assignment in a multidomain environment or none of other rules meets the requirement. Figure 5 shows an example.

Figure 5. Example: Domain Sync with AssociateOnlyExistingUsers

4. AssociateUsersByDeptCode

Users created in Cisco Unified Communications Manager with the department code field filled in are associated to the domain based on the value placed in this field. The list of department code values should be enclosed in double quotation marks (") and separated by the semicolon delimiter (;). Department code values may contain wildcards (* or %); for example, "Dept 1";"";"Dept 2";"Dept*3". Figure 6 shows an example.

Figure 6. Example: Domain Sync with AssociateUsersByDeptCode

This rule is used to partition users based on the department code in a multidomain environment. If you don't have a department code clearly defined for every user or a department code is not guaranteed to be unique across domains, this rule cannot be used.

5. AssociateUsersByDevicePool

Users are associated to a domain based on the device pool setting on the phone. Users are not associated if they do not have a phone. If this rule is set, domain sync will sync only those users that have a phone with the device pool specified in the data field. This rule is applicable only to Cisco Unified Communications Manager, not Communications Manager Express.

Sample data in the rule: "CCM1:DevicePool1";"CCM2:DevicePool2"; CCM1 or CCM2 is the Cisco Prime Collaboration Provisioning call processor name.

With this data, users that have a phone in CCM1 with device pool as DevicePool1 and users that have a phone in CCM2 with device pool as DevicePool2 will by synchronized. If either CCM1 or CCM2 is not part of the current domain, that part of the data will be ignored.

6. AssociateUsersByLocation

Users are associated to a domain based on the location setting on the phone. Users are not associated if they do not have a phone. If this rule is set, domain sync will sync only those users that have a phone with the location specified in the data field. This rule is applicable only to Cisco Unified Communications Manager, not Communications Manager Express. Sample data in the rule: "CCM1:Location1";"CCM2:Location2"; CCM1 or CCM2 is the Cisco Prime Collaboration Provisioning call processor name.

With this data, users that have a phone in CCM1 with location as Location1 and users that have a phone in CCM2 with location as Location2 will by synchronized.

If either CCM1 or CCM2 is not part of the current domain, that part of the data will be ignored.

7. TakePrimaryUserInfoFromUMProcessor

If enabled, user and subscriber information is updated from the associated Cisco Unified Message Processor account; otherwise it is updated from the call processor. When the rule is enabled, you can also specify the message processor ID, which takes precedence if a user has accounts on multiple message processors. This value can also be left blank to indicate no preference. This rule is used to handle inconsistent configurations across different call processors and message processors. Figure 7 shows an example.

Figure 7. Example: Domain Sync with TakePrimaryUserInfoFromUMProcessor

8. Non-RestrictedDomainSync

If this rule is enabled, Cisco Prime Collaboration Provisioning performs nonrestricted domain synchronization. Criteria used to find the service area for a product are relaxed to use only a call processor and protocol for the phone product; a call processor for the CTI port, line, enable extension mobility, and enable mobility support products; a call processor and messaging processor for the voicemail, email, and unified messaging products. In addition, only a call processor and messaging processor are used as criteria to match the directory number and voicemail. The user can define a list of service areas to be used. When more than one service area satisfies such criteria, the first matching service area from this list is selected. If no service area is defined or found, Cisco Prime Collaboration Provisioning selects a service area that satisfies the criteria. The service area names should be enclosed in double quotation marks (") and separated by the semicolon delimiter (;), for example, "DefaultSA1";"SA2".

When this rule is disabled, services are assigned to a user only if there are matching service area settings. For phones, Cisco Prime Collaboration Provisioning matches the following attributes: device pool, common device configuration, calling search space of phone, location, and protocol. For lines, Cisco Prime Collaboration Provisioning matches the following attributes: device pool of phone, common device configuration of phone, route partition of line, calling search space of line, location of phone. The domain sync log will show all services that do not have matching service areas.

Figure 8 gives an example with the Non-RestrictedDomainSync rule disabled.

Figure 8. Example: Domain Sync with Non-RestrictedDomainSync Rule Disabled

Figure 9 shows an example with the Non-RestrictedDomainSync rule enabled.

Figure 9. Example: Domain Sync with Non-RestrictedDomainSync Rule Enabled

From Figure 9, you can see that, by default, services are only assigned to subscribers and displayed under a subscriber record if there are matching service area settings. The number of service areas required might be a lot based on permutations and combinations of different service area attributes. The Non-RestrictedDomainSync rule will come in handy when you want to reduce the number of service areas needed and make sure all subscriber services show up and are manageable in Cisco Prime Collaboration Provisioning.

Note: Be aware that if you run a domain synchronization and then change the configured domain rule to Non-RestrictedDomainSync and then run another domain synchronization, any services that were not previously synchronized will be placed in a service area based on the Non-RestrictedDomainSync rule. This could result in services for a subscriber showing up in multiple service areas.

When configuring the rules, please follow the below general guidelines:

• Rules 1-6 determine how subscribers are placed into the domain.

• Rule 7 determines where information for a subscriber comes from.

• Rule 8 determines how services are matched to service areas in a domain.

• Some rules work in conjunction with others, while some rules are set exclusively.

• The rules AssociateUsersByDeptCode, AssociateUsersByDevicePool, and AssociateUsersByLocation can be used together.

• Once users are assigned to a domain, they cannot be moved to another domain. Users who need to be deleted need to be deleted for the entire domain.

If none of the business rules match your requirements, you can still import the users to domains through LDAP, UI, or a batch file.

Domain Sync Rules Interoperability

The following are all the rules that determine the call processor users that will be synchronized in a domain sync (includes the two new rules):

1. AssociateAllUsersinCallProcessor

2. AssociateOnlyExistingUsers

3. AssociateUsersByDeptCode

4. AssociateUsersByDevicePool

5. AssociateUsersByLocation

If the first rule is enabled, the settings of all the other rules are ignored. If the second rule is enabled, the settings of rules 3, 4, and 5 are ignored. The last three rules are additive in the sense that if two of them enabled, then only users that satisfy both the constraints are synchronized.

Suppose a domain has three call processors, CCM1, CCM2, and CCM3, and its rules are set like this:

• AssociateUsersByDeptCode: Enabled with data "Dept1"

• AssociateUsersByDevicePool: Enabled with data "CCM2:DevicePool2";"CCM3:DevicePool3"

• AssociateUsersByLocation: Enabled with data "CCM3:Location3"

When the domain sync is run, these users are synchronized:

• CCM1: Users with department code "Dept1"

• CCM2: Users with department code "Dept1" and with phones whose device pool is "DevicePool2"

• CCM3: Users with the department code "Dept1" and with phones whose device pool is "DevicePool3" and whose location is "Location3"

Configuring Rules Step by Step

Domains rules need to be configured properly before a sync is performed.

Step 1. Configure how users are placed in the domain.

Select

• AssociateAllUsersInCallProcessor + AssociateAllUsersInUMProcessor

• AssociateOnlyExistingUsers

OR any combination of

• AssociateUsersByDeptCode

• AssociateUsersByDevicePool

• AssociateUsersByLocation

Step 2. Configure how services for a user are assigned to service areas.

• Non-RestrictedDomainSync
(disabled by default)

Optional

• AssociateAllUsersInUMProcessor

• TakePrimaryUserInfoFromUMProcessor

Example:

Customer has an Active Directory integrated Communications Manager and has different domains set up for different branches.

Step 1.

Option 1:

• Set the department in Active Directory for users.

• Enable the AssociateUsersByDeptCode rule for each domain and specify the department code.

Option 2:

• Users can be placed using a combination of these rules: AssociateUsersByDevicePool and AssociateUsersByLocation.

• This requires that all users have an associated phone.

Option 3:

If the department code cannot be set and some users don't have associated phones:

• Create subscribers in Cisco Prime Collaboration Provisioning first in the desired domain. The batch action can be used if there are a lot of users.

• Enable the AssociateOnlyExistingUsers rule for domains.

Step 2. Enable the Non-RestrictedDomainSync rule to reduce the number of service areas needed. By default there will be a lot of service areas per domain needed for this customer to cover permutations on different calling search spaces and different device pools.

How to Examples

Taking Over an Existing Cisco Unified Communications Network

This section follows the exploits of a fictitious company as it deploys Cisco Prime Collaboration Provisioning to simplify the Cisco Unified Communications deployment.

Network Description

With operations in multiple countries, a fictional France-based utility firm is in the process of deploying Cisco Prime Collaboration Provisioning to simplify moves, adds, changes, and deletes (MACD). Customer already has an operational Cisco Unified Communications network so Cisco Prime Collaboration Provisioning will mainly be used for day 2 operations to speed up MACD.

Information for Cisco Prime Collaboration Provisioning Design and Configuration

The following information is collected to determine how to design and configure Cisco Prime Collaboration Provisioning:

• Sites

– 100 physical branch offices in total

– 10,000 IP phones

• Call processors

– Three Communications Manager clusters

– For each of the three Communications Manager publishers:

– Release 8.5

– Lightweight Directory Access Protocol synchronization and authentication

– Extension mobility

• Messages processors

– Three Cisco Unity Connections Version 8.5

• Administrative partitioning

– Based on delegation requirements, users are partitioned into eight administrative sites

• Subscriber services provisioning requirement

– Most users have phone, line, voicemail, and email

– Some users are provisioned with extension mobility (device profile and line) and voicemail

• Dial plan information

– There is one device calling search space per branch office

– There are four line calling search spaces per branch office

– There is one location code per branch office

– There is one device pool per branch office

– There are two common device configurations for all sites

– Only SCCP is used for phones

– Only one voicemail template is used per branch office

– Only one route partition is used for all sites

Configuring Cisco Prime Collaboration Provisioning: Set Up Devices

• Each Communications Manager publisher is entered in Cisco Prime Collaboration Provisioning:

– With extension mobility service and URL

– LDAP integration: Synchronization and authentication

• Three call processors are defined

• Each Cisco Unity Connection(primary Cisco Unity Connection) device is entered in Cisco Prime Collaboration Provisioning. Note: Cisco Prime Collaboration Provisioning doesn't support provisioning backup for Cisco Unity Connection devices.

• Perform infrastructure sync and subscriber sync for each Communications Manager and Cisco Unity Connection.

Configuring Cisco Prime Collaboration Provisioning: Set Up Domains

• Five domains are created, one per administrative site using the UI in Figure 10

• Each domain uses only one call processor and one message processor

• Cisco Prime Collaboration Provisioning allows automatic subscriber synchronization by matching the department code in the directory

• The department code is not guaranteed to be unique across domains

• For each domain, configure the AssociateUsersByDevicePool and/or AssociateUsersByLocation rules in Cisco Prime Collaboration Provisioning to allow synchronization of the subscriber in the domain

• Provisioning attributes: Phone: user_locale: French, Extension mobility access (device profile): user_locale: French

Figure 10. Domain Setup

Configuring Cisco Prime Cisco Prime Collaboration Provisioning: Set Up Service Areas

By default (without enabling the Non-RestrictedDomainSync rule), around 8 service areas per branch office are needed based on two common device configurations and four line calling search spaces per branch office. See Figure 11 for Service Area UI. In this case, the 800 service areas are distributed among eight domains, which might not cause usability issues. But the Non-RestrictedDomainSync rule can be enabled to reduce the number of service areas to 500. In that case, the most common device configuration is selected to be the common device configuration in the service area. The domain administrator is assigned the advanced ordering role and can modify the common device configuration during order time if needed. Bulk service area creation can be done through batch action.

• One service area per site containing:

– One call processor

– Phone Calling Searching Space: Site-specific value

– Line Calling Search Space: Select one out of four

– Common Device Config: Select one out of two

– Location: Site-specific value

– Device pool: Site-specific value

– Router Partition/Protocol: Default value for all sites

– One messaging processor

– Employee subscriber type is selected for the service area

– Directory number block: One predefined block per site to allow autoassignation

– Some provisioning attributes:

– Forward xxx: Set as the same line calling search spaces

– Description (extension mobility line)

• Domain sync needs to be performed before ordering services and after creating service areas.

Figure 11. Service Area setup

Configuring Cisco Prime Cisco Prime Collaboration Provisioning: Set Up Administration

• Multiple administrators will be defined:

– Some global administrators

– Some administrators per domains

• Workflow rules are not enabled.

• No additional subscriber roles are created, but edit the employee role to associate Unified Messaging Service and Extension Mobility Access with Line.

• Nightly sync is run to make sure that Communications Manager and Cisco Prime Collaboration Provisioning have the same data. For detailed information on scheduling sync, please check the user guide.

Subscriber Services Provisioning: Order, Update, or Change Subscriber Services

Subscriber services can be provisioned by a domain administrator or a global administrator.

Subscriber services can be provisioned using the batch provisioning feature or using the GUI (Figure 12) Order services for users that have phone, line, voicemail, and email:

• For subscribers, one Unified Messaging Service will be ordered where the administrator will have to choose:

– The domain (only if it's a global administrator)

– The unified messaging service (phone, line, voicemail, and email)

– The line type: Autoassigned line

– Voicemail alias and voicemail display name

– Email ID and display name

– The MAC address

– The service area

– The phone button template

For each subscriber that has an extension mobility line and voicemail, two orders are needed for the initial deployment.

• First order:

– Extension mobility access and line

– The line type: Autoassigned line

– Phone button template

– Some provisioning attribute:

– On the line: Pickup groups, line groups

• Second order:

– Voicemail

Figure 12. Cisco Prime Collaboration Provisioning Ordering GUI

Setting Up a New Cisco Unified Communications Network

Setting up Cisco Prime Collaboration Provisioning for a new Cisco Unified Communications network is slightly different. The following describes the differences:

• Synchronization (infrastructure sync, subscriber sync, and domain sync) doesn't need to be performed the first time when the call processors, messaging processors, and domains are set up in Cisco Prime Collaboration Provisioning as no configurations/users exist in the call processors and messaging processors. Nightly syncs are recommended to run when users configure Cisco Unified Communications devices with both Cisco Prime Collaboration Provisioning and a native Cisco Unified Communications interface.

• On day 1 of voice deployments, the main activity is to roll out the new branches and cut over subscribers from the older PBX network to the VoIP network. Templates (Figures 13 and 14) can be utilized, so it is best to capture common deployment settings in templates with keywords for devices or site names. For example, with the traditional approach, a customer might have three device calling search spaces (local, international, national) set up for each site. If you have 50 sites, you might end up defining hundreds of calling search spaces repeatedly using the native Communications Manager interface. A Cisco Prime Collaboration Provisioning template can be configured as in the example below (Figure 13) to allow for both consistency and reuse.

Note: The ${KEYWORD} construct allows you to create generic templates. The keyword is defined during configuration.

Figure 13. Cisco Prime Collaboration Provisioning Configuration Template

Then you can further define the keyword list with each keyword defined to be a real value such as Austin, San Jose, and so on.

Figure 14. Cisco Prime Collaboration Provisioning Keyword List

• Batches are used to bulk-add new users and move users to help enable easy rollouts of new offices. Cisco Prime Collaboration Provisioning provides sample files that contain most of the commonly used actions. The sample files are located in the /opt/cupm/sep/ipt/config/sample/batchProvisioning folder.

Typical Problems with Setup and Operation

Things to Remember When Using Batch Files

Batch action files must contain a single row of column headers. The data columns can be in any order, but must be in a tab-delimited text file, not in comma-separated value (CSV) format. You can compile the data in any text editor, provided that the resulting file conforms to these guidelines. For example, you can create batch files in a spreadsheet and then export them as tab-delimited files.

Cisco Prime Collaboration Provisioning provides sample files that contain most of the commonly used actions. The sample files are located in the /opt/cupm/sep/ipt/config/sample/batchProvisioning folder. You need to use SFTP as the root user to the Cisco Prime Collaboration Provisioning server to get the files.

Please also make sure that none of the data values contain a comma in your template creation, as the comma causes the parsing of the template to fail.

A certain minimum set of fields is required for every batch file. Some types of batches need more fields. The table below (Table 4) describe the minimum fields required for some batch action files.

Table 4 describes the minimum fields required for new users.

Table 4. Minimum Fields for New Users

OrderType	UserID	FirstName	LastName	Domain	ProductName	ServiceArea
Add	tsmith	Tom	Smith	westcoast	xxxx	San Jose

The FirstName field is optional but recommended.

For changing line batch operation, the following fields need to be there:

• OrderType

• UserID

• ProductName

• Domain

• ServiceArea

• Directory Number

• Route Partition

When creating batch action files, keep in mind the following guidelines:

• MAC address is required when ProductName is Phone (or a bundle containing a phone) and Phone Type is not a virtual phone (for example, CTI Port).

• New MAC address is required when changing phones.

• Object name is required when canceling products.

• Phone button template is required when ProductName is Phone (or a bundle containing a phone) or Extension Mobility Access (or a bundle containing an extension mobility access) and Phone Type is not a virtual phone (CTI Port) and when ordered in a service area associated with Cisco Unified Communications Manager only.

• Cisco Unity devices (Cisco Unity, Cisco Unity Connection, and Cisco Unity Express) do not support all products and services. If the batch action file is configured for a product that is not supported by the device in the specified service area, batch provisioning will fail.

• Product attributes that require user input during the manual order entry process are required to successfully complete the equivalent order in a batch project. Examples include:

– Phone Type: Type of phone (for example, Cisco 7960, Cisco 7912) if ordered product is a phone or a bundle that contains a phone

– Line Type: Type of line (for example, autoassigned line or chosen line) if ordered product is a line or a bundle that contains a line

– Directory Number: Required when ProductName is Line and Type is Chosen Line. Additionally, ordering a product with a dependency that is not met by the order itself (for example, ordering a single line) requires a column specifying the dependent object

– Route Partition: Required when ProductName is Line and Order Type is Change

For additional guidelines, please refer to the User Guide for Cisco Prime Collaboration Provisioning at http://www.cisco.com/en/US/docs/net_mgmt/prime/collaboration/9.5/provisioning/guide/Cisco_Prime_Collaboration_Provisioning_Guide_9_5.html.

Dealing with LDAP-Integrated Cisco Unified Communications Manager

Cisco Prime Collaboration Provisioning supports LDAP-integrated call managers for Communications Manager Versions 5.x and later. When adding an Active Directory-integrated Communications Manager to Cisco Prime Collaboration Provisioning using the CallProcessor wizard, you have the option of selecting the LDAP directory integration to be one of synchronization or of synchronization and authentication. This value must exactly match the value configured in Cisco Unified Communications Manager. If Cisco Unified Communications Manager is integrated with an external LDAP, subscribers are not created through Cisco Prime Collaboration Provisioning; instead they are synchronized through Cisco Unified Communications Manager. When placing an order in Cisco Prime Collaboration Provisioning, if a subscriber is not available on Cisco Unified Communications Manager, the workflow subsystem waits for a predefined period of time (24 hours by default) for the subscriber to be available on Cisco Unified Communications Manager and then continues processing the order. The 24-hour period can be configured on Cisco Prime Collaboration Provisioning in the ipt.properties file in /opt/cupm/sep directory.

Change the following two settings and restart Cisco Prime Collaboration Provisioning:

• dfc.oem.extdir.retries: 24

• dfc.oem.extdir.retry_interval: 3600

Restarting Cisco Prime Collaboration Provisioning steps:

Log in as the admin user using SSH to the Cisco Prime Collaboration Provisioning server. Then run the following command to stop the Cisco Prime Collaboration Provisioning server:

cpc2-prov/admin# application stop cpcm

Wait for a minute or two for the ports to be freed, then run the following command to start the server:

cpc2-prov/admin# application start cpcm

If a user is added into Active Directory, the user needs first to be synchronized to Communications Manager, and then the user can be synchronized from Communications Manager to Cisco Prime Collaboration Provisioning. How long it takes to get the user into Cisco Prime Collaboration Provisioning depends upon a couple of things:

• How often Communication Manager does the synchronization from Active Directory (which is configured on Cisco Unified Communications Manager), and

• Whether a synchronization from Cisco Unified Communications Manager to Cisco Prime Collaboration Provisioning is performed to automatically pull in the user to a domain, or whether a user is manually added in Cisco Prime Collaboration Provisioning.

To avoid performing Cisco Prime Collaboration Provisioning syncs after a user is added in Active Directory, a user can be added in both Active Directory and Cisco Prime Collaboration Provisioning in parallel. With Cisco Prime Collaboration Provisioning, you can also enable Cisco Prime Collaboration Provisioning LDAP sync to import users directly from LDAP. When services are ordered in Cisco Prime Collaboration Provisioning, the services will not be activated until the Active Directory to Communications Manager synchronization happens. But in this case, it is not necessary to do a Cisco Prime Collaboration Provisioning subscriber sync after a user is added in Active Directory.

Behaviors for Adding/Deleting Subscribers in Cisco Prime Collaboration Provisioning and UCM (Non-LDAP-Integrated UCM)

If you add a new subscriber in Cisco Prime Collaboration Provisioning, pseudo-subscriber or not, the user initially exists only in Cisco Prime Collaboration Provisioning.

When you provision services for a pseudo-subscriber, only the phone settings get provisioned into Cisco Unified Communications Manager. When you provision services for a real subscriber, the subscriber is created in UCM and the phone settings get provisioned into UCM.

If you create a new subscriber in UCM, it will usually get into Cisco Prime Collaboration Provisioning after subscriber and domain sync. But if you have sync rules such as AssociateUsersByDevicePool or AssociateUsersByDevicePool set up for a domain, then the subscribers without phones will not show up in Cisco Prime Collaboration Provisioning. You will have to manually add those subscribers into Cisco Prime Collaboration Provisioning.

If you delete a subscriber in UCM, Cisco Prime Collaboration Provisioning will not know it immediately because UCM does not have a notification function. After subscriber sync and domain sync, Cisco Prime Collaboration Provisioning will remove the service association from the subscriber. Phone services are not longer associated with the user. You can only delete or change them through the pseudo-subscriber approach. See the section "How to Manage Phones Without Associated Users."

If people have left the company, you can cancel their services and then remove those users from Cisco Prime Collaboration Provisioning. Cisco Prime Collaboration Provisioning will remove those users along with their services from UCM. This is why you should manage your users from Cisco Prime Collaboration Provisioning, not UCM. All your MAC work should be from Cisco Prime Collaboration Provisioning.

Cisco Prime Collaboration Provisioning Synchronization Tips

Some things to keep in mind when it comes to synchronizing call processors and message processors to Cisco Prime Collaboration Provisioning:

• When Cisco Prime Collaboration Provisioning encounters an error while in the middle of provisioning:

– Only partially configured information will be saved to the devices.

– Manual configuration is required to the device to complete the provisioning tasks; however, the changes made manually to the device will be resynchronized to the inventory database when Cisco Prime Collaboration Provisioning is back up again and a synchronization is requested.

• What happens when Cisco Unified Communications Manager Publisher fails?

– Will not be able to access any of the information on Cisco Unified Communications Manager server or cluster. It is recommended to add only Publisher to Cisco Prime Collaboration Provisioning.

Setting Up Scheduled Sync

• It is recommended to run sync at off-peak/midnight hours to avoid impact on both Communications Manager and Cisco Prime Collaboration Provisioning.

• It is recommended to have a nightly sync run to help ensure that Communications Manager and Cisco Prime Collaboration Provisioning have the same data.

• Besides running synchronizations on demand through the appropriate Cisco Prime Collaboration Provisioning UI, you can set up scheduled synchronizations. You must use the Scheduled Tasks functionality that comes with your operating system. For detailed information on scheduling sync, please use documentation in the User Guide for Cisco Prime Collaboration Provisioning at http://www.cisco.com/en/US/docs/net_mgmt/prime/collaboration/9.5/provisioning/guide/Cisco_Prime_Collaboration_Provisioning_Guide_9_5.html Why Am I Not Able to See the Phones and Line Under Some Subscriber Records?

By default, services are assigned to subscribers and displayed under the subscriber record only if there are matching service area settings. For phones, Cisco Prime Collaboration Provisioning matches the following attributes: Device Pool, Common Device Configuration, Calling Search Space of Phone, Location, and Protocol. For lines, Cisco Prime Collaboration Provisioning matches the following attributes: Device Pool of Phone, Common Device Configuration of Phone, Route Partition of Line, Calling Search Space of Line, Location of Phone. Make sure you add the corresponding service areas and redo the domain sync.

Tips for Using Cisco Prime Collaboration Provisioning

Enabling Non-RestrictedDomainSync to Reduce the Number of Service Areas

By default, services are assigned to subscribers and displayed under the subscriber record only if there are matching service area settings. The number of service areas required might be a lot based on permutations and combinations of different service area attributes. To reduce the number of service areas needed, you can enable Non-RestrictedDomainSync rule with one default service area per call processor to make sure services for all the existing users are manageable in Cisco Prime Collaboration Provisioning. Then you can create the new service areas to serve as service templates for Cisco Prime Collaboration Provisioning to manage all the new users.

Notes:

• The Non-RestrictedDomainSync always picks up the first service area from the list of service areas in the data field of the Non-RestrictedDomainSync rule and adds the service under that service area. Therefore if you have only one Communications Manager cluster, adding more than one service area to the data field will not have any effect. Only the first one will be used.

• Be aware that if you run a domain synchronization and then change the configured domain rule to Non-RestrictedDomainSync and then run another domain synchronization, any services that were not previously synchronized will be placed in a service area based on the Non-RestrictedDomainSync rule. This could result in services for a subscriber showing up in multiple service areas.

Why Did Some Subscriber Services Show Up in Multiple Locations (Service Areas)?

The services were probably already categorized under different service areas based on regular sync rules before the Non-RestrictedDomainSync rule was enabled. After the rule was enabled, it would have picked up the services that either could not be added to any customer record during previous syncs since matching service area was not found, or services that were added to the Communications Manager after the rule was enabled.

Those are the only reasons services might show up under different service areas. The only option is to delete the domain (not the call processors or Unified Message processors) and re-create the domains/service areas and then do a synchronization.

Why Doesn't the Extension Mobility Service Show Up in the Subscriber Record?

Please check the following:

• Make sure you have Extension Mobility Service subscribed for the subscriber.

• Make sure the service name defined in Cisco Prime Collaboration Provisioning is the name of the Extension Mobility Service configured on a call processor.

• Make sure the service URL defined in Cisco Prime Collaboration Provisioning is the Extension Mobility Service configured on the call processor: http://<IPAddress>/emapp/EMAppServlet?device=#DEVICENAME#
Where <IPAddress> is the name or the IP address of the server where Extension Mobility is installed.

Quick Site Builder

Use the Quick Site Builder by navigating to Design > Setup Deployment > Quick Site Builder. You can use this tool to create a domain and multiple service areas under this domain in a single screen as opposed to creating one service area at a time. See Figure 15.

Figure 15. Quick Site Builder

Handling Common Directory Number Mapping Across Multiple Service Areas

There are multiple ways to deploy, depending on whether the directory numbers need to have some significance within a domain or significance within a service area.

If directory numbers can be random within the entire domain, the directory number pool can be added to each service area. The directory number allocation in Cisco Prime Collaboration Provisioning will check whether the directory number it would be picking out of a block has been used, so the first service area to pick a directory number will get it and the other service area will then skip it to get the next one. In this design, subscribers get the next available number in the pool.

You may also allocate directory number blocks based on the calling search spaces setup or how many users are expected within a service area. In this case, some network planning needs to be done to decide how to allocate directory numbers. This option may be useful if each service area is to use certain ranges of directory numbers. For example building 1 is in SA1 and has extensions with 1xxxx, and building 2 is in SA2 and has extensions with 2xxxx.

In either case, you can have multiple directory number blocks per service area to fine-tune how the numbers get allocated.

Working with TAPS

The Tool for Auto-Registered Phone Support (TAPS) feature is supported on Communications Manager. So far it is suggested to be used in conjunction with the Bulk Administration Tool (BAT) to provide two features:

• Update MAC addresses and download predefined configuration for new phones

• Reload configuration for replacement phones

When new phones are added to Cisco Communications Manager, TAPS works in conjunction with BAT to update phones that were added to BAT using dummy MAC addresses. After BAT has been use to bulk-add the phones with dummy MAC addresses to Cisco Communications Manager Administration, one can plug the phones into the network. The user can dial a TAPS directory number that causes the phone to download its configuration. At the same time, the phone gets updated in Cisco Communications Manager Administration with the correct MAC address.

For the first case, instead of using BAT to provision the phones with dummy MAC addresses, Cisco Prime Collaboration Provisioning is extended to be able to provision these phones. During phone order entry, a choice box is presented to the user indicating whether this phone should use a dummy address (only available to users with advanced assignment role). Possible values are "Y" and "N" (default). When the user chooses "Y", the MAC address field will be hidden (and anything previously entered in that field will be cleared) to prevent the user from entering additional values. During order processing, Cisco Prime Collaboration Provisioning will generate a dummy MAC address that is not currently used in the system. The dummy MAC address assigned by Cisco Prime Collaboration Provisioning will be an internal MAC address that is not valid in the public domain. Cisco Prime Collaboration Provisioning will use a specific prefix for the MAC address (first three octets).

For the second case, if Communications Manager TAPS is configured to "Allow Auto-Registered phones to reset with any profile", the user can switch to a new phone simply by using the TAPS feature. Cisco Prime Collaboration Provisioning just needs to sync back the changes. If Communications Manager TAPS is configured to "Allow Auto-Registered phones to reset with a profile with dummy MAC address", the user can use Cisco Prime Collaboration Provisioning to change the MAC address of the existing phone to a dummy MAC address and use the same procedure to get the physical MAC address of the new phone updated in Communications Manager.

After a phone with a dummy MAC address is registered, the subscriber needs to be synchronized in order to get the new MAC address. Alternatively, subsequent Cisco Prime Collaboration Provisioning subscriber and domain sync will bring the system to the latest state.

For batch provisioning, if the product attribute "use DummyAddress" with the value "Y" is provided (value "N" instructs Cisco Prime Collaboration Provisioning to use existing logic), Cisco Prime Collaboration Provisioning will ignore the MAC address in the batch file (if presented) and generate a dummy address.

In the subscriber record, the phones configured for TAPS won't be showing any special attribute to indicate that. The only way the user will be able to find that a phone is configured for TAPS is by looking at the device name string next to the phone in the subscriber record, which will show a different prefix (BAT instead of SEP). This will happen only until the TAPS phone logs in to the TAPS application and gets the real address and a subsequent subscriber and domain sync has been done.

How to Manage Phones without Associated Users

Cisco Prime Collaboration Provisioning supports management and provisioning of phones that are not assigned to users. When users need to order products for some lobby or conference room, they can log in as admin and add a user with the pseudo-subscriber role and then use the Cisco Prime Collaboration Provisioning order system to order phone, line, voicemail, email, and other products for this user. To manage existing phones in Communications Manager that don't have any associated users, users can export orphan phones of one domain or of some call processors in a domain in a change owner batch file (Figure 15 and Table 5). Users could edit the file if needed and upload back into Cisco Prime Collaboration Provisioning through batch provisioning. Users must run a domain sync to get the orphan phones and dependent products as line, voicemail, and email created in the customer record.

Figure 16. Domain - Export Phone without Associated Users

Table 5. Sample Change Owner Batch File

Order Type	Domain	ServiceArea	Processor Name	ProductName	User ID	New User ID	New First Name	New Last Name	MAC Address	Subscriber Type
Change	Domain_1		CCM1	Phone		pseudo -55001		Conf_1	00000010001	Pseudo
Change	Domain_1		CCM1	Phone		pseudo -66001-RP1		Lobby	00000010002	Pseudo
Change	Domain_1		CCM2	Phone		pseudo -SoftPhone_1		SoftPhone_1	SoftPhone_1	Pseudo

Note: For optimal usability, it is recommended that you do not assign more than five phones to a single subscriber (pseudo-users or real users).

Using Cisco IOS Templates to Provision Communications Manager Express/Cisco Unity Express/SRST/Cisco IOS Devices

• Cisco Prime Collaboration Provisioning supports some functions without templates:

– Communications Manager Express: Create users, phones, and lines.

– Cisco Unity Express: Create users and voicemail boxes.

• Cisco IOS template support:

– The Cisco IOS template is a freeform text box that allows commands to be entered and then pushed to the target integrated services router device.

– Commands can have keywords typed in and then a keyword list is created.

– Templates exist in the infrastructure configuration and can be used with any user-assigned keyword.

– Templates also exist as provisioning attributes to phone and line. These templates have predefined keywords FIRSTNAME, LASTNAME, DIRECTORYNUMBER, and USERID.

– A Cisco IOS Software write is executed at the end of each template to save settings on the integrated services router device.

• Caveats for using Cisco IOS templates for Communications Manager Express/Cisco Unity Express/Survivable Remote Site Telephony (SRST)/Cisco IOS devices:

– All CLI commands entered must be syntactically correct.

– Commands (for example, exit) that change the line configuration mode should not be used.

– Do not use line configuration commands (for example, number or description) in this template. They will overwrite the configuration done by Cisco Prime Collaboration Provisioning when provisioning the line product.

– Do not use phone configuration commands (for example; mac-address, description, button, type, or username) in this template. They will overwrite the configuration done by Cisco Prime Collaboration Provisioning when provisioning the phone product.

– Keywords must be unique and not match any Cisco IOS command tokens or settings. It is recommended that keywords be preceded by a dollar sign to assure uniqueness.

– Templates do not have a provision for interactive responses.

– The button command can only support ":".

– Can send integrated services router setup commands for Survivable Remote Site Telephony (SRST) through the CLI template function but must set up SRST on Cisco Unified Communications Manager through the Cisco Unified Communications Manager GUI interface. (No AXL support is provided for provisioning SRST in Cisco Unified Communications Manager using Cisco Prime Collaboration Provisioning).

Frequently Asked Questions

1. What is the Set-Only provisioning attribute?

Set-Only is a provisioning attribute that contains a collection of attributes as follows:

• Cisco Prime Collaboration Provisioning only provisions the settings on the device, but does not sync and manage them in the Cisco Cisco Prime Collaboration Provisioning database.

• Cisco Prime Collaboration Provisioning does not support validation for their values.

• Brief description and data format are provided for each Set-Only attribute by the i (information) icon on UI.

• Supported assignment levels are service area, domain, and user type.

• These attributes can be set for phone, line, extension mobility line, and extension mobility access products.

2. How does Cisco Prime Collaboration Provisioning autoassign Direct Inward Dial (DID)?

When Cisco Prime Collaboration Provisioning goes to use a directory number out of a DID block, it first checks to see if it is already used (assumption here is that it is in sync with the Communications Manager). If it is used, it skips that one and gets the next number until it finds an unused one. So if users assign a pool of 5000 for autoassignment and 1200 of those were already used, it won't hand out duplicates.

3. Can I copy the settings from one phone to another phone?

Yes. With Cisco Prime Collaboration Provisioning, users can provision a new phone with settings that are the same as those on an existing phone, except for directory number, MAC, device description, and name-related fields. When a phone is copied, no services (lines, voicemails, or emails) on this phone are copied to the new phone.

Note: Feature is only available to users with advanced ordering role. Batch provisioning and API are not supported for this feature.

4. Can Cisco Prime Collaboration Provisioning manage users on Cisco Unity or Unity Connection who do not have an account on Communications Manager?

No.

5. Can Cisco Prime Collaboration Provisioning reset an existing Extension Mobility user PIN?

Yes. Cisco Prime Collaboration Provisioning can reset Phone PIN, which is also the extension mobility PIN.

6. What happens if a Cisco Prime Collaboration Provisioning user tries to update a subscriber password and the UCM is LDAP integrated?

If UCM is integrated with LDAP, Cisco Prime Collaboration Provisioning doesn't show an option to change the subscriber password on UCM but will still show an option to change the subscriber PIN on UCM. This is because the PIN is still stored locally in UCM. If the user has services on both LDAP-integrated and non-LDAP-integrated UCM then Cisco Prime Collaboration Provisioning will still show the option to change the subscriber password on UCM but will apply the change only to the UCM that is not integrated with LDAP.

7. Does Cisco Prime Collaboration Provisioning work with TAPS?

TAPS does not work with Cisco Prime Collaboration Provisioning; it works with UCM. Cisco Prime Collaboration Provisioning can create a phone with a dummy MAC address and provision UCM.

Subscriber plugs in the phone and TAPS manages to collect the MAC and userID. The TAPS server is used to get the MAC into UCM and will switch the real MAC for the dummy MAC. Cisco Prime Collaboration Provisioning will sync in the MACs from UCM. Cisco Prime Collaboration Provisioning will match up the dummy addresses of the phones with the real MACs and put it into the subscriber record. Now UCM and Cisco Prime Collaboration Provisioning will show the correct MAC for the subscriber's phone.

8. What are the bandwidth requirements for different user scenarios in Cisco Prime Collaboration Provisioning?

Bandwidth requirements are very low in nearly all cases.

1. Browser to Cisco Prime Collaboration Provisioning

Data transfer is very sporadic, only when requested. Cisco Prime Collaboration Provisioning does not use a lot of fancy graphics or flash presentation. Mouse clicks and typed text are generally passed from the browser to Cisco Prime Collaboration Provisioning and a fairly simple screen is presented back to the browser. In the case of provisioning through the wizard, if the admin does not manually refresh the screen, it will refresh once a minute. When a new screen is requested Cisco Prime Collaboration Provisioning will require between 5000 bytes and 300,000 bytes (300 kilo bytes) to get the new screen. When nothing is being updated on the browser screen bandwidth is essentially zero.

Worst case per admin logged in budget: 500,000 bytes (500 kilo bytes) burst every 5 seconds when ordering services, provisioning infrastructure or doing a search, for the duration of the task.

A 300,000 byte (300 kilo) burst every 1 minute when admin is not using Cisco Prime Collaboration Provisioning occurs only when the admin has left a screen visible that would normally receive an autoupdate (such as a subscriber record); otherwise this is zero bytes per second.

2. Cisco Prime Collaboration Provisioning to managed device

A. During sync

Cisco Prime Collaboration Provisioning will use the available bandwidth so more bandwidth means shorter sync times. Both Cisco Prime Collaboration Provisioning and Cisco Unified Communications Manager have throttling mechanisms to prevent either from overrunning the other. Many large customers deploy one Cisco Prime Collaboration Provisioning and sync worldwide clusters.

B. Provisioning UCM or other UC application

During the actual time provisioning is being done, Cisco Prime Collaboration Provisioning will use the available bandwidth to perform provisioning. Provisioning runs as a background process.

C. Talking to routers
This is Cisco IOS-oriented Telnet-type traffic. it comes in small bursts and uses what bandwidth is available - 2400 bps to 9600 bps is sufficient.

D. All other times
Little or no traffic occurs.

Timeout values are in multiple minutes so loss of connectivity for short periods of time is tolerated. There are no subsecond latency requirements to engineer into your network design to accommodate Cisco Prime Collaboration Provisioning. Cisco Prime Collaboration Provisioning uses a two-phase commit to complete orders, so if an order is in progress when a link failure occurs and subsequently times out, Cisco Prime Collaboration Provisioning will not mark the order complete, rather it will attempt to provision the order again; when the link is reestablished Cisco Prime Collaboration Provisioning will start the order again. When complete it marks the order complete.

Appendix

Cisco Prime Collaboration page on Cisco.com

http://www.cisco.com/go/primecollaboration

Install Guide for Cisco Prime Collaboration

http://www.cisco.com/en/US/docs/net_mgmt/prime/collaboration/9.5/quick/start/guide/Cisco_Prime_Collaboration_Quick_Start_Guide_9_5.html

End-User Guide for Cisco Prime Collaboration Provisioning

http://www.cisco.com/en/US/docs/net_mgmt/prime/collaboration/9.5/provisioning/guide/Cisco_Prime_Collaboration_Provisioning_Guide_9_5.html

Cisco Unified Communications Manager

http://www.cisco.com/en/US/products/sw/voicesw/ps556/index.html